Morten Nilsen, 02.08.2005 15:34: > Olaf Rempel wrote: > >>iptables -t nat -A POSTROUTING -o eth0 -d 10.0.1.3 -j SNAT --to 10.0.1.1 > > > I don't quite get this one.. >
My head hurts after trying to read and understand your problem, but with NAT you have SNAT and DNAT. DNAT is when you NAT incoming packages and change their destination, like you want to do here. So you DNAT the packets to 10.0.0.2 to 10.0.1.3 (like you have done). Then you have to SNAT (change source of) the packets from 10.0.1.3 so that they appear to come from 10.0.0.2. Why Olaf SNATs to 10.0.1.1 I'm not sure of, I'd say it's a typo. iptables -I INPUT -i eth1 -d 10.0.0.2 -j ACCEPT iptables -I FORWARD -i eth1 -d 10.0.0.2 -j ACCEPT iptables -t nat -I PREROUTING -i eth1 -d 10.0.0.2 -j DNAT --to-destination 10.0.1.3 iptables -t nat -I POSTROUTING -o eth1 -s 10.0.1.3 -j SNAT --to-source 10.0.0.2 The main change is from DNAT to SNAT on your last line. _______________________________________________ tsl-discuss mailing list [email protected] http://lists.trustix.org/mailman/listinfo/tsl-discuss
